2.845

2023影响因子

(CJCR)

  • 中文核心
  • EI
  • 中国科技核心
  • Scopus
  • CSCD
  • 英国科学文摘

留言板

尊敬的读者、作者、审稿人, 关于本刊的投稿、审稿、编辑和出版的任何问题, 您可以本页添加留言。我们将尽快给您答复。谢谢您的支持!

姓名
邮箱
手机号码
标题
留言内容
验证码

时间序列分类模型的集成对抗训练防御方法

王璐瑶 曹渊 刘博涵 曾恩 刘坤 夏元清

王璐瑶, 曹渊, 刘博涵, 曾恩, 刘坤, 夏元清. 时间序列分类模型的集成对抗训练防御方法. 自动化学报, 2024, 50(12): 1−17 doi: 10.16383/j.aas.c240050
引用本文: 王璐瑶, 曹渊, 刘博涵, 曾恩, 刘坤, 夏元清. 时间序列分类模型的集成对抗训练防御方法. 自动化学报, 2024, 50(12): 1−17 doi: 10.16383/j.aas.c240050
Wang Lu-Yao, Cao Yuan, Liu Bo-Han, Zeng En, Liu Kun, Xia Yuan-Qing. Ensemble adversarial training defense for time series classification models. Acta Automatica Sinica, 2024, 50(12): 1−17 doi: 10.16383/j.aas.c240050
Citation: Wang Lu-Yao, Cao Yuan, Liu Bo-Han, Zeng En, Liu Kun, Xia Yuan-Qing. Ensemble adversarial training defense for time series classification models. Acta Automatica Sinica, 2024, 50(12): 1−17 doi: 10.16383/j.aas.c240050

时间序列分类模型的集成对抗训练防御方法

doi: 10.16383/j.aas.c240050 cstr: 32138.14.j.aas.c240050
基金项目: 国家自然科学基金(62273041, 61873034), 流程工业综合自动化国家重点实验室联合开放基金(2021-KF-21-05)资助
详细信息
    作者简介:

    王璐瑶:北京理工大学自动化学院硕士研究生. 主要研究方向为对抗攻击与防御, 时间序列, 网络安全. E-mail: luyaowangbit@gmail.com

    曹渊:北京理工大学自动化学院博士研究生. 主要研究方向为对抗学习, 强化学习, 网络安全. E-mail: yuancao@bit.edu.cn

    刘博涵:北京理工大学自动化学院硕士研究生. 主要研究方向为强化学习, 对抗训练, 网络安全. E-mail: bohanliu@bit.edu.cn

    曾恩:北京理工大学自动化学院硕士研究生. 主要研究方向为深度学习, 对抗攻击与防御. E-mail: enzeng@bit.edu.cn

    刘坤:北京理工大学自动化学院研究员. 主要研究方向为网络化控制理论与应用, 复杂网络安全. 本文通信作者. E-mail: kunliubit@bit.edu.cn

    夏元清:北京理工大学自动化学院教授. 主要研究方向为云控制, 云数据中心优化调度管理, 智能交通, 模型预测控制, 自抗扰控制, 鲁棒控制, 复杂网络控制与安全, 网络化控制理论与应用, 飞行器控制和空天地一体化网络协同控制. E-mail: xia_yuanqing@bit.edu.cn

Ensemble Adversarial Training Defense for Time Series Classification Models

Funds: Supported by National Natural Science Foundation of China (62273041, 61873034) and Joint Open Fund of the State Key Laboratory of Process Industry Integrated Automation (2021-KF-21-05)
More Information
    Author Bio:

    WANG Lu-Yao Master student at the School of Automation, Beijing Institute of Technology. Her research interest covers adversarial attacks and defense, time series, and cyber security

    CAO Yuan Ph.D. candidate at the School of Automation, Beijing Institute of Technology. His research interest covers adversarial learning, reinforcement learning, and cyber security

    LIU Bo-Han Master student at the School of Automation, Beijing Institute of Technology. His research interest covers reinforcement learning, adversarial training, and cyber security

    ZENG En Master student at the School of Automation, Beijing Institute of Technology. His research interest covers deep learning and adversarial attacks and defense

    LIU Kun Professor at the School of Automation, Beijing Institute of Technology. His research interest covers theory and applications of networked control, and security of complex networked systems. Corresponding author of this paper

    XIA Yuan-Qing Professor at the School of Automation, Beijing Institute of Technology. His research interest covers cloud control, cloud data center optimization scheduling and management, intelligent transportation, model predictive control, active disturbance rejection control, robust control, control and security of complex networked systems, theory and applications of networked control, and flight control and networked cooperative control for integration of space, air and earth

  • 摘要: 深度学习是解决时间序列分类(Time series classification, TSC)问题的主要途径之一. 然而, 基于深度学习的TSC模型易受到对抗样本攻击, 从而导致模型分类准确率大幅度降低. 为此, 研究了TSC模型的对抗攻击防御问题, 设计了集成对抗训练(Adversarial training, AT)防御方法. 首先, 设计了一种针对TSC模型的集成对抗训练防御框架, 通过多种TSC模型和攻击方式生成对抗样本, 并用于训练目标模型. 其次, 在生成对抗样本的过程中, 设计了基于Shapelets的局部扰动算法, 并结合动量迭代的快速梯度符号法(Momentum iterative fast gradient sign method, MI-FGSM), 实现了有效的白盒攻击. 同时, 使用知识蒸馏(Knowledge distillation, KD) 和基于沃瑟斯坦距离的生成对抗网络(Wasserstein generative adversarial network, WGAN) 设计了针对替代模型的黑盒对抗攻击方法, 实现了攻击者对目标模型未知时的有效攻击. 在此基础上, 在对抗训练损失函数中添加Kullback-Leibler (KL) 散度约束, 进一步提升了模型鲁棒性. 最后, 在多变量时间序列分类数据集UEA上验证了所提方法的有效性.
  • 图  1  时间序列分类算法模型示意图

    Fig.  1  The time series classification algorithm models

    图  2  集成对抗训练防御整体框架图

    Fig.  2  The overall framework diagram of the ensemble AT defense

    图  3  WGAN黑盒攻击模型结构图

    Fig.  3  The WGAN black-box attack model structure

    图  4  针对ResCNN模型的不同攻击

    Fig.  4  The different attacks against the ResCNN model

    图  5  针对不同模型的MI-FGSM攻击

    Fig.  5  The MI-FGSM attacks against the different models

    图  6  使用Shapelets前后效果对比

    Fig.  6  The effect comparison before and after using Shapelets

    图  7  黑盒对抗攻击在ArticularyWordRecognition上的结果

    Fig.  7  The results of black-box adversarial attacks on the ArticularyWordRecognition

    表  1  分类模型训练参数设置

    Table  1  The classification of the models for training parameter settings

    参数名称MultiTSTResCNNMLSTM-FCNOmniScaleCNN
    优化器SGDSGDSGDSGD
    学习率0.010.010.0010.001
    学习率衰减系数0.1/30轮0.1/30轮无衰减无衰减
    动量系数0.90.90.90.9
    权重衰减系数$2 \times10^{-4}$$2 \times10^{-4}$$2 \times10^{-4}$$2 \times10^{-4}$
    批次大小128128256256
    训练轮次100100300300
    下载: 导出CSV

    表  2  分类模型准确率

    Table  2  The accuracy rate of classification models

    子数据集名称MultiTSTResCNNMLSTM-FCNOmniScaleCNN
    ArticularyWordRecognition0.9800.9730.9830.983
    AtrialFibrillation0.3330.2000.3330.267
    BasicMotions0.7001.0001.0001.000
    CharacterTrajectories0.8970.7600.5960.811
    Cricket0.7500.9860.9861.000
    EigenWorms0.5730.8470.687/
    Epilepsy0.8040.9710.8480.783
    ERing0.9040.8480.9190.889
    EthanolConcentration0.2510.3040.255/
    FaceDetection0.5500.5270.5400.518
    FingerMovements0.5100.5200.4900.500
    HandMovementDirection0.6350.2970.4050.189
    Handwriting0.2790.2240.4920.626
    Heartbeat0.2930.7560.7070.712
    InsectWingbeat0.5880.1000.100/
    JapaneseVowels0.1380.0840.0840.084
    Libras0.1890.8670.1280.094
    LSST0.2180.6800.2190.475
    MotorImagery0.4600.5300.510/
    NATOPS0.6560.9280.7280.639
    PEMS-SF0.1680.7230.1270.127
    PenDigits0.1210.9860.1960.106
    PhonemeSpectra0.0230.3080.0510.056
    RacketSports0.6510.8420.5720.770
    SelfRegulationSCP10.6930.8230.1950.563
    SelfRegulationSCP20.5280.4940.5060.500
    SpokenArabicDigits0.3430.1000.1000.100
    StandWalkJump0.4670.4000.3330.333
    UWaveGestureLibrary0.8030.7940.8870.912
    DuckDuckGeese0.3200.620//
    下载: 导出CSV

    表  3  MI-FGSM的对抗攻击成功率

    Table  3  The success rate of adversarial attacks based on MI-FGSM

    子数据集名称 FGSM PGD MI-FGSM
    ArticularyWordRecognition $0.910 \pm 0.011$ $0.973 \pm 0.015$ $0.983 \pm 0.008$
    BasicMotions $0.680 \pm 0.010$ $0.820 \pm 0.019$ $0.870 \pm 0.017$
    CharacterTrajectories $0.596 \pm 0.063$ $0.616 \pm 0.118$ $0.622 \pm 0.046$
    Cricket $0.810 \pm 0.073$ $0.910 \pm 0.023$ $0.950 \pm 0.024$
    EigenWorms $0.710 \pm 0.023$ $0.840 \pm 0.011$ $0.790 \pm 0.054$
    Epilepsy $0.783 \pm 0.065$ $0.804 \pm 0.083$ $0.848 \pm 0.054$
    ERing $0.660 \pm 0.037$ $0.670 \pm 0.101$ $0.679 \pm 0.006$
    EthanolConcentration $0.180 \pm 0.100$ $0.250 \pm 0.064$ $0.270 \pm 0.005$
    FaceDetection $0.500 \pm 0.093$ $0.540 \pm 0.106$ $0.540 \pm 0.025$
    FingerMovements $0.490 \pm 0.017$ $0.500 \pm 0.003$ $0.570 \pm 0.094$
    HandMovementDirection $0.297 \pm 0.099$ $0.405 \pm 0.082$ $0.589 \pm 0.112$
    Handwriting $0.179 \pm 0.107$ $0.224 \pm 0.073$ $0.312 \pm 0.088$
    Heartbeat $0.293 \pm 0.091$ $0.326 \pm 0.117$ $0.342 \pm 0.061$
    Libras $0.697 \pm 0.037$ $0.867 \pm 0.060$ $0.910 \pm 0.115$
    LSST $0.720 \pm 0.024$ $0.860 \pm 0.019$ $0.820 \pm 0.084$
    MotorImagery $0.110 \pm 0.048$ $0.140 \pm 0.016$ $0.140 \pm 0.030$
    NATOPS $0.630 \pm 0.118$ $0.910 \pm 0.023$ $0.952 \pm 0.073$
    PEMS-SF $0.668 \pm 0.089$ $0.723 \pm 0.128$ $0.757 \pm 0.117$
    PenDigits $0.686 \pm 0.012$ $0.696 \pm 0.059$ $0.776 \pm 0.020$
    PhonemeSpectra $0.123 \pm 0.046$ $0.208 \pm 0.001$ $0.256 \pm 0.039$
    RacketSports $0.551 \pm 0.070$ $0.642 \pm 0.021$ $0.672 \pm 0.051$
    SelfRegulationSCP1 $0.790 \pm 0.063$ $0.832 \pm 0.008$ $0.890 \pm 0.033$
    SelfRegulationSCP2 $0.814 \pm 0.001$ $0.861 \pm 0.071$ $0.840 \pm 0.067$
    StandWalkJump $0.330 \pm 0.111$ $0.500 \pm 0.063$ $0.500 \pm 0.096$
    UWaveGestureLibrary $0.862 \pm 0.086$ $0.871 \pm 0.082$ $0.918 \pm 0.010$
    DuckDuckGeese $0.420 \pm 0.062$ $0.490 \pm 0.002$ $0.631 \pm 0.043$
    下载: 导出CSV

    表  4  基于Shapelets的局部扰动攻击实验结果

    Table  4  Experimental results of the local perturbation attacks based on Shapelets

    子数据集名称 MI-FGSM攻击 局部扰动攻击
    攻击成功率 扰动大小(MAE) 攻击成功率 扰动大小(MAE)
    ArticularyWordRecognition $0.983 \pm 0.007$ $0.425 \pm 0.022$ $0.923 \pm 0.025$ $0.088 \pm 0.007$
    BasicMotions $0.870 \pm 0.052$ $2.638 \pm 0.151$ $0.790 \pm 0.024$ $0.447 \pm 0.019$
    CharacterTrajectories $0.622 \pm 0.025$ $0.040 \pm 0.003$ $0.572 \pm 0.015$ $0.011 \pm 0.001$
    Cricket $0.950 \pm 0.034$ $0.947 \pm 0.020$ $0.895 \pm 0.040$ $0.247 \pm 0.016$
    EigenWorms $0.790 \pm 0.053$ $18.292 \pm 1.090$ $0.720 \pm 0.056$ $1.941 \pm 0.101$
    Epilepsy $0.848 \pm 0.030$ $0.359 \pm 0.020$ $0.808 \pm 0.022$ $0.098 \pm 0.006$
    ERing $0.679 \pm 0.021$ $0.490 \pm 0.035$ $0.600 \pm 0.019$ $0.220 \pm 0.013$
    EthanolConcentration $0.270 \pm 0.012$ $0.530 \pm 0.038$ $0.210 \pm 0.011$ $0.073 \pm 0.003$
    FaceDetection $0.540 \pm 0.027$ $2.411 \pm 0.126$ $0.490 \pm 0.020$ $0.824 \pm 0.050$
    FingerMovements $0.570 \pm 0.043$ $15.281 \pm 1.136$ $0.520 \pm 0.027$ $4.372 \pm 0.283$
    HandMovementDirection $0.589 \pm 0.041$ $9.308 \pm 0.703$ $0.518 \pm 0.035$ $4.721 \pm 0.308$
    Handwriting $0.312 \pm 0.020$ $1.019 \pm 0.070$ $0.297 \pm 0.024$ $0.241 \pm 0.012$
    Heartbeat $0.342 \pm 0.027$ $1.695 \pm 0.097$ $0.314 \pm 0.025$ $0.755 \pm 0.050$
    Libras $0.910 \pm 0.029$ $0.050 \pm 0.004$ $0.780 \pm 0.014$ $0.021 \pm 0.002$
    LSST $0.820 \pm 0.044$ $6.831 \pm 0.547$ $0.650 \pm 0.032$ $1.928 \pm 0.154$
    MotorImagery $0.140 \pm 0.009$ $25.570 \pm 1.946$ $0.080 \pm 0.005$ $7.880 \pm 0.596$
    NATOPS $0.952 \pm 0.057$ $0.321 \pm 0.021$ $0.910 \pm 0.025$ $0.754 \pm 0.050$
    PEMS-SF $0.757 \pm 0.031$ $0.050 \pm 0.004$ $0.742 \pm 0.019$ $0.025 \pm 0.002$
    PenDigits $0.776 \pm 0.029$ $4.940 \pm 0.303$ $0.658 \pm 0.036$ $2.132 \pm 0.135$
    PhonemeSpectra $0.256 \pm 0.015$ $8.019 \pm 0.623$ $0.256 \pm 0.020$ $3.894 \pm 0.215$
    RacketSports $0.672 \pm 0.054$ $3.294 \pm 0.208$ $0.647 \pm 0.025$ $1.944 \pm 0.131$
    SelfRegulationSCP1 $0.890 \pm 0.062$ $7.573 \pm 0.506$ $0.740 \pm 0.056$ $3.491 \pm 0.216$
    SelfRegulationSCP2 $0.840 \pm 0.049$ $4.885 \pm 0.293$ $0.790 \pm 0.032$ $1.994 \pm 0.160$
    StandWalkJump $0.500 \pm 0.029$ $0.579 \pm 0.041$ $0.500 \pm 0.022$ $0.384 \pm 0.031$
    UWaveGestureLibrary $0.918 \pm 0.030$ $0.383 \pm 0.018$ $0.722 \pm 0.028$ $0.175 \pm 0.009$
    DuckDuckGeese $0.631 \pm 0.050$ $14.750 \pm 1.089$ $0.597 \pm 0.046$ $4.579 \pm 0.302$
    下载: 导出CSV

    表  5  针对替代模型的黑盒对抗攻击实验结果

    Table  5  Experimental results of the black-box adversarial attacks for the surrogate model

    子数据集名称 知识蒸馏 黑盒对抗攻击
    原始模型准确率 替代模型准确率 攻击成功率 扰动大小
    ArticularyWordRecognition $0.973 \pm 0.014$ $0.966 \pm 0.016$ $0.923 \pm 0.025$ $0.352 \pm 0.026$
    BasicMotions $1.000 \pm 0.000$ $1.000 \pm 0.000$ $0.740 \pm 0.059$ $1.722 \pm 0.114$
    CharacterTrajectories $0.760 \pm 0.036$ $0.720 \pm 0.027$ $0.544 \pm 0.029$ $0.075 \pm 0.003$
    Cricket $0.986 \pm 0.011$ $0.937 \pm 0.018$ $0.825 \pm 0.033$ $1.474 \pm 0.112$
    EigenWorms $0.847 \pm 0.038$ $0.810 \pm 0.042$ $0.690 \pm 0.048$ $20.120 \pm 1.201$
    Epilepsy $0.971 \pm 0.011$ $0.359 \pm 0.012$ $0.790 \pm 0.037$ $0.419 \pm 0.021$
    ERing $0.848 \pm 0.033$ $0.794 \pm 0.031$ $0.600 \pm 0.048$ $0.575 \pm 0.021$
    FaceDetection $0.527 \pm 0.028$ $0.518 \pm 0.020$ $0.500 \pm 0.038$ $2.411 \pm 0.171$
    FingerMovements $0.520 \pm 0.028$ $0.507 \pm 0.035$ $0.670 \pm 0.032$ $15.281 \pm 1.176$
    Heartbeat $0.756 \pm 0.033$ $0.749 \pm 0.049$ $0.411 \pm 0.025$ $3.117 \pm 0.147$
    Libras $0.867 \pm 0.051$ $0.822 \pm 0.058$ $0.740 \pm 0.042$ $0.054 \pm 0.003$
    LSST $0.680 \pm 0.041$ $0.660 \pm 0.031$ $0.630 \pm 0.046$ $7.447 \pm 0.437$
    MotorImagery $0.530 \pm 0.019$ $0.440 \pm 0.033$ $0.120 \pm 0.008$ $27.430 \pm 1.302$
    NATOPS $0.928 \pm 0.039$ $0.733 \pm 0.041$ $0.850 \pm 0.061$ $2.120 \pm 0.093$
    PEMS-SF $0.723 \pm 0.023$ $0.711 \pm 0.028$ $0.714 \pm 0.041$ $0.072 \pm 0.002$
    PenDigits $0.986 \pm 0.004$ $0.981 \pm 0.004$ $0.410 \pm 0.024$ $5.131 \pm 0.381$
    PhonemeSpectra $0.308 \pm 0.023$ $0.308 \pm 0.021$ $0.211 \pm 0.020$ $7.914 \pm 0.513$
    RacketSports $0.842 \pm 0.041$ $0.790 \pm 0.057$ $0.600 \pm 0.048$ $3.721 \pm 0.191$
    SelfRegulationSCP1 $0.823 \pm 0.045$ $0.819 \pm 0.057$ $0.670 \pm 0.037$ $8.780 \pm 0.512$
    SelfRegulationSCP2 $0.494 \pm 0.037$ $0.317 \pm 0.018$ $0.660 \pm 0.021$ $5.130 \pm 0.391$
    StandWalkJump $0.400 \pm 0.033$ $0.320 \pm 0.029$ $0.500 \pm 0.027$ $0.584 \pm 0.023$
    UWaveGestureLibrary $0.794 \pm 0.039$ $0.788 \pm 0.034$ $0.625 \pm 0.041$ $0.693 \pm 0.045$
    DuckDuckGeese $0.620 \pm 0.041$ $0.570 \pm 0.048$ $0.490 \pm 0.035$ $12.750 \pm 0.821$
    下载: 导出CSV

    表  6  C&W攻击下集成不同攻击的防御结果

    Table  6  The defense results of ensemble different attacks under C&W attacks

    子数据集名称 原始模型ResCNN 白盒对抗训练 黑盒对抗训练 白盒 + 黑盒对抗训练
    ArticularyWordRecognition 0.427 0.426 0.517 0.683
    AtrialFibrillation 0.000 0.200 0.200 0.222
    BasicMotions 0.250 0.550 0.573 0.625
    CharacterTrajectories 0.060 0.417 0.448 0.537
    Cricket 0.264 0.528 0.598 0.778
    DuckDuckGeese 0.210 0.320 0.352 0.375
    EigenWorms 0.111 0.222 0.222 0.256
    Epilepsy 0.029 0.406 0.500 0.565
    ERing 0.159 0.559 0.600 0.674
    EthanolConcentration 0.002 0.100 0.150 0.200
    FaceDetection 0.500 0.523 0.523 0.523
    FingerMovements 0.470 0.490 0.490 0.490
    HandMovementDirection 0.203 0.216 0.216 0.216
    Handwriting 0.034 0.095 0.095 0.149
    Heartbeat 0.210 0.332 0.486 0.567
    InsectWingbeat 0.100 0.100 0.100 0.100
    JapaneseVowels 0.073 0.352 0.483 0.576
    Libras 0.083 0.217 0.413 0.667
    LSST 0.003 0.050 0.050 0.050
    MotorImagery 0.111 0.244 0.244 0.256
    NATOPS 0.050 0.083 0.100 0.150
    PEMS-SF 0.050 0.100 0.100 0.100
    PenDigits 0.100 0.300 0.300 0.400
    PhonemeSpectra 0.003 0.020 0.020 0.050
    RacketSports 0.083 0.200 0.200 0.300
    SelfRegulationSCP1 0.111 0.200 0.200 0.222
    SelfRegulationSCP2 0.050 0.100 0.100 0.100
    SpokenArabicDigits 0.020 0.030 0.030 0.050
    StandWalkJump 0.050 0.100 0.100 0.100
    UWaveGestureLibrary 0.083 0.200 0.200 0.300
    下载: 导出CSV

    表  7  C&W攻击下集成不同数量分类模型的防御结果

    Table  7  The defense results of ensemble different numbers of classification models under C&W attacks

    子数据集名称 单一模型 集成两个模型 集成三个模型 集成防御 集成防御 + KL散度 LSTM-FWED
    ArticularyWordRecognition 0.683 0.837 0.913 0.931 0.977 0.931
    AtrialFibrillation 0.222 0.333 0.333 0.333 0.333 0.333
    BasicMotions 0.625 0.715 0.753 0.796 0.815 0.875
    CharacterTrajectories 0.537 0.567 0.747 0.751 0.751 0.543
    Cricket 0.778 0.811 0.861 0.880 0.880 0.628
    DuckDuckGeese 0.375 0.350 0.410 0.540 0.560 0.480
    EigenWorms 0.256 0.256 0.433 0.472 0.498 0.378
    Epilepsy 0.565 0.657 0.696 0.746 0.746 0.622
    ERing 0.674 0.696 0.763 0.815 0.825 0.714
    EthanolConcentration 0.200 0.180 0.200 0.300 0.300 0.200
    FaceDetection 0.523 0.523 0.523 0.523 0.523 0.545
    FingerMovements 0.490 0.490 0.490 0.510 0.510 0.520
    HandMovementDirection 0.216 0.216 0.216 0.267 0.311 0.247
    Handwriting 0.149 0.155 0.171 0.171 0.171 0.095
    Heartbeat 0.567 0.558 0.722 0.730 0.730 0.756
    InsectWingbeat 0.100 0.100 0.100 0.100 0.100 0.100
    JapaneseVowels 0.576 0.759 0.844 0.900 0.900 0.844
    Libras 0.667 0.598 0.733 0.746 0.746 0.568
    LSST 0.050 0.050 0.050 0.169 0.169 0.350
    MotorImagery 0.256 0.244 0.300 0.311 0.311 0.433
    NATOPS 0.517 0.517 0.722 0.783 0.783 0.560
    PEMS-SF 0.301 0.202 0.579 0.588 0.611 0.473
    PenDigits 0.590 0.699 0.865 0.913 0.930 0.753
    PhonemeSpectra 0.059 0.059 0.059 0.044 0.044 0.059
    RacketSports 0.737 0.724 0.757 0.803 0.803 0.837
    SelfRegulationSCP1 0.357 0.416 0.498 0.536 0.536 0.618
    SelfRegulationSCP2 0.311 0.299 0.311 0.539 0.562 0.493
    SpokenArabicDigits 0.100 0.100 0.100 0.100 0.100 0.100
    StandWalkJump 0.400 0.375 0.533 0.53 0.533 0.533
    UWaveGestureLibrary 0.612 0.712 0.806 0.838 0.855 0.622
    下载: 导出CSV

    A1  多变量时间序列分类数据集UEA

    A1  Multivariate time series classification dataset UEA

    子数据集名称 训练样本数 测试样本数 维度 序列长度 类别数
    ArticularyWordRecognition 275 300 9 144 25
    AtrialFibrillation 15 15 2 640 3
    BasicMotions 40 40 6 100 4
    CharacterTrajectories 1 422 1 436 3 182 20
    Cricket 108 72 6 1 197 12
    DuckDuckGeese 50 50 1 345 270 5
    EigenWorms 128 131 6 17 984 5
    Epilepsy 137 138 3 206 4
    EthanolConcentration 261 263 3 1 751 4
    ERing 30 270 4 65 6
    FaceDetection 5 890 3 524 144 62 2
    FingerMovements 316 100 28 50 2
    HandMovementDirection 160 74 10 400 4
    Handwriting 150 850 3 152 26
    Heartbeat 204 205 61 405 2
    InsectWingbeat 30 000 20 000 200 30 10
    JapaneseVowels 270 370 12 29 9
    Libras 180 180 2 45 15
    LSST 2 459 2 466 6 36 14
    MotorImagery 278 100 64 3 000 2
    NATOPS 180 180 24 51 6
    PenDigits 7 494 3 498 2 8 10
    PEMS-SF 267 173 963 144 7
    Phoneme 3 315 3 353 11 217 39
    RacketSports 151 152 6 30 4
    SelfRegulationSCP1 268 293 6 896 2
    SelfRegulationSCP2 200 180 7 1 152 2
    SpokenArabicDigits 6 599 2 199 13 93 10
    StandWalkJump 12 15 4 2 500 3
    UWaveGestureLibrary 120 320 3 315 8
    下载: 导出CSV
  • [1] 夏元清, 闫策, 王笑京, 宋向辉. 智能交通信息物理融合云控制系统. 自动化学报, 2019, 45(1): 132−142

    Xia Yuan-Qing, Yan Ce, Wang Xiao-Jing, Song Xiang-Hui. Intelligent transportation cyber-physical cloud control systems. Acta Automatica Sinica, 2019, 45(1): 132−142
    [2] 张淇瑞, 孟思琪, 王兰豪, 刘坤, 代伟. 隐蔽攻击下信息物理系统的安全输出反馈控制. 自动化学报, 2024, 50(7): 1363−1372

    Zhang Qi-Rui, Meng Si-Qi, Wang Lan-Hao, Liu Kun, Dai Wei. Secure output-feedback control for cyber-physical systems under stealthy attacks. Acta Automatica Sinica, 2024, 50(7): 1363−1372
    [3] Zhang Z, Li W, Bao R, Harimoto K, Wu Y, Sun X. ASAT: Adaptively scaled adversarial training in time series. Neurocomputing, 2023, 522: 11−23 doi: 10.1016/j.neucom.2022.12.013
    [4] Bai T, Luo J, Zhao J, Wen B, Wang Q. Recent advances in adversarial training for adversarial robustness. arXiv preprint arXiv: 2102.01356, 2021.
    [5] Goodfellow I. Defense against the dark arts: An overview of adversarial example security research and future research directions. arXiv preprint arXiv: 1806.04169, 2018.
    [6] Goodfellow I J, Shlens J, Szegedy C. Explaining and harnessing adversarial examples. arXiv preprint arXiv: 1412.6572, 2014.
    [7] 张耀元, 原继东, 刘海洋, 王志海, 赵培翔. 基于局部扰动的时间序列预测对抗攻击. 软件学报, 2024, 35 (11): 5210−5227 doi: 10.13328/j.cnki.jos.007056

    Zhang Yao-Yuan, Yuan Ji-Dong, Liu Hai-Yang, Wang Zhi-Hai, Zhao Pei-Xu. Adversarial attack of time series forecasting based on local perturbations. Journal of Software, 2024, 35 (11): 5210−5227 doi: 10.13328/j.cnki.jos.007056
    [8] Kurakin A, Goodfellow I J, Bengio S. Adversarial examples in the physical world. In: Proceedings of the International Conference on Learning Representations. Toulon, France: ICLR, 2017.
    [9] Madry A, Makelov A, Schmidt L, Tsipras, D Vladu A. Towards deep learning models resistant to adversarial attacks. arXiv preprint arXiv: 1706.06083, 2017.
    [10] Liu H Y, Ge Z J, Zhou Z Y, Shang F H, Liu Y Y, Jiao L C. Gradient correction for white-box adversarial attacks. IEEE Transactions on Neural Networks and Learning Systems, DOI: 10.1109/TNNLS.2023.3315414
    [11] Carlini N, Wagner D. Towards evaluating the robustness of neural networks. In: Proceedings of the IEEE Symposium on Security and Privacy. California, USA: IEEE, 2017. 39−57
    [12] Zhang H, Yu Y, Jiao J, Xing E, El Ghaoui L, Jordan M. Theoretically principled trade-off between robustness and accuracy. In: Proceedings of the International Conference on Machine Learning. California, USA: ICML, 2019. 7472−7482
    [13] Tramèr F, Kurakin A, Papernot N, Goodfellow I, Boneh D, McDaniel P. Ensemble adversarial training: Attacks and defenses. arXiv preprint arXiv: 1705.07204, 2017.
    [14] Yang W, Yuan J, Wang X, Zhao, P. TSadv: Black-box adversarial attack on time series with local perturbations. Engineering Applications of Artificial Intelligence, 2022, 114: Article No. 105218 doi: 10.1016/j.engappai.2022.105218
    [15] Harford S, Karim F, Darabi H. Generating adversarial samples on multivariate time series using variational autoencoders. IEEE/CAA Journal of Automatica Sinica, 2021, 8(9): 1523−1538 doi: 10.1109/JAS.2021.1004108
    [16] Qi S, Chen J, Chen P, Wen P, Shan W, Xiong L. An effective WGAN-based anomaly detection model for IoT multivariate time series. In: Proceedings of Pacific-Asia Conference on Knowledge Discovery and Data Mining. Osaka, Japan: Springer Nature Switzerland, 2023. 80−91
    [17] 陈晋音, 沈诗婧, 苏蒙蒙, 郑海斌, 熊晖. 车牌识别系统的黑盒对抗攻击. 自动化学报, 2021, 47(1): 121−135

    Chen Jin-Yin, Shen Shi-Jing, Su Meng-Meng, Zheng Hai-Bin, Xiong Hui. Black-box adversarial attack on license plate recognition system. Acta Automatica Sinica, 2021, 47(1): 121−135
    [18] Baluja S, Fischer I. Adversarial transformation networks: Learning to generate adversarial examples. arXiv preprint arXiv: 1703.09387, 2017.
    [19] Xiao C, Li B, Zhu J Y, He W, Liu M, Song D. Generating adversarial examples with adversarial networks. In: Proceedings of the 27th International Joint Conference on Artificial Intelligence. Stockholm, Sweden: AAAI, 2018. 3905−3911
    [20] Li J, Yang Y, Sun J S, Tomsovic K, Qi H. ConAML: Constrained adversarial machine learning for cyber-physical systems. In: Proceedings of the ACM Asia Conference on Computer and Communications Security. New York, USA: ACM, 2021. 52−66
    [21] Karim F, Majumdar S, Darabi H. Adversarial attacks on time series. IEEE Transactions on Pattern Analysis and Machine Intelligence, 2020, 43(10): 3309−3320
    [22] Qian Z, Huang K, Wang Q F, Zhang X Y. A survey of robust adversarial training in pattern recognition: Fundamental, theory, and methodologies. Pattern Recognition, 2022, 131: Article No. 108889 doi: 10.1016/j.patcog.2022.108889
    [23] Zhang H, Chen H, Xiao C, Gowal S, Stanforth R, Li B, et al. Towards stable and efficient training of verifiably robust neural networks. In: Proceedings of the International Conference on Learning Representations. New Orleans, USA: ICLR, 2019.
    [24] Shafahi A, Najibi M, Ghiasi M A, Xu Z, Dickerson J, Studer C, et al. Adversarial training for free! In: Proceedings of the 33rd International Conference on Neural Information Processing Systems. Vancouver BC, Canada: Curran Associates Inc, 2019. 3358−3369
    [25] Guo X, Zhang R, Zheng Y, Mao Y. Robust regularization with adversarial labelling of perturbed samples. arXiv preprint arXiv: 2105.13745, 2021.
    [26] Liu X, Hsieh C J. Rob-GAN: Generator, discriminator, and adversarial attacker. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. California, USA: IEEE, 2019. 11234−11243
    [27] 陈晋音, 吴长安, 郑海斌, 王巍, 温浩. 基于通用逆扰动的对抗攻击防御方法. 自动化学报, 2023, 49(10): 2172−2187

    Chen Jin-Yin, Wu Chang-An, Zheng Hai-Bin, Wang Wei, Wen Hao. Universal inverse perturbation defense against adversarial attacks. Acta Automatica Sinica, 2023, 49(10): 2172−2187
    [28] Liu L, Park Y, Hoang T N, Hasson H, Huan J. Robust multivariate time-series forecasting: Adversarial attacks and defense mechanisms. In: Proceedings of the International Conference on Learning Representations. Kigali, Rwanda: ICLR, 2022.
    [29] Liu Y, Xu L, Yang S, Zhao D, Li X. Adversarial sample attacks and defenses based on LSTM-ED in industrial control systems. Computers and Security, 2024, 140: Article No. 103750
    [30] Khan M, Wang H, Ngueilbaye A, Elfatyany A. End-to-end multivariate time series classification via hybrid deep learning architectures. Personal and Ubiquitous Computing, 2023, 27(2): 177−191 doi: 10.1007/s00779-020-01447-7
    [31] Zou X, Wang Z, Li Q, Sheng W. Integration of residual network and convolutional neural network along with various activation functions and global pooling for time series classification. Neurocomputing, 2019, 367: 39−45 doi: 10.1016/j.neucom.2019.08.023
    [32] He K, Zhang X, Ren S, Sun J. Deep residual learning for image recognition. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. Nevada, USA: IEEE, 2016. 770−778
    [33] Tang W, Long G, Liu L, Zhou T, Blumenstein M, Jiang J. Omni-Scale CNNs: A simple and effective kernel size configuration for time series classification. In: Proceedings of the International Conference on Learning Representations. Kigali, Rwanda: ICLR, 2022.
    [34] Zerveas G, Jayaraman S, Patel D, Eickhoff C. A transformer-based framework for multivariate time series representation learning. In: Proceedings of the 27th ACM SIGKDD Conference on Knowledge Discovery and Data Mining. New York, USA: Association for Computing Machinery, 2021. 2114−2124
    [35] Bagnall A, Dau H A, Lines J, Flynn M, Large J, Bostrom A, et al. The UEA multivariate time series classification archive. arXiv preprint arXiv: 1811.00075, 2018.
    [36] 夏元清. 云控制系统及其面临的挑战. 自动化学报, 2016, 42(1): 1−12

    Xia Yuan-Qing. Cloud control systems and their challenges. Acta Automatica Sinica, 2016, 42(1): 1−12
  • 加载中
图(7) / 表(8)
计量
  • 文章访问数:  124
  • HTML全文浏览量:  34
  • PDF下载量:  6
  • 被引次数: 0
出版历程
  • 收稿日期:  2024-01-19
  • 录用日期:  2024-07-23
  • 网络出版日期:  2024-09-29

目录

    /

    返回文章
    返回